Threat Analytics Search Utility – Chrome Extension


Current Version 4.0.4 – Updated on 8/26/2019 to include the capability to base64 encode the selection prior to its use. This expands the types of websites and services this extension can be used for.

Version 4.0 – Updated on 5/7/2015 to add support for the 3rd group and the ability to HTTP POST in addition to GET. Also updated search providers – go to Options and click the “Refresh Now” button to see the new providers.

Chrome permissions have changed in this version as we added the capability to redirect input from the Chrome Extension to a web server of your choice via HTTP POST. Content is sent only to the URL you add as a search provider, using JavaScript. To see the actual code, press Ctrl-Shift-I to view the developer’s tools in Chrome.

Most users will NOT need to use the POST function – just ignore it. The POST function is useful when you want to POST (versus GET) a search term to an application or API. You would copy the destination URL to the ‘Link’ field and add the raw POST data in the ‘Add POST value’ field. The HTTP POST will come from the Chrome extension by default, which some applications/APIs will not allow. In that case, use a PROXY to send the POST. A simple proxy script can be found here.

The screenshot below shows the intended usage – being able to search an IP address, a domain, or an MD5 hash easily by opening multiple security websites at the same time.

The screenshot below is an example of the configuration options. By selecting the URL and clicking on “Domain Lookup”, the entire group will be opened in new tabs. This saves valuable time for security analysts investigating a large number of events. You can edit the group names (IP Lookup, Domain) just by clicking in the column header. Drag the arrows to rearrange search providers.

The initial configuration is downloaded from our website here. It looks like:

You can also make your own configuration file and host it yourself. Use the example one supplied as a guide. The first boolean value for each search provider (true/false) determines if the search provider is enabled by default. The second boolean value shows if the provider came from the remote configuration file or was added manually. The last item determines if the search provider is a member of no groups (0), group 1 (1), group 2 (2), or both groups (3).
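Before pointing the extension at a self-hosted configuration, it helps to list exactly which providers a group lookup would send the selection to, and how. The sketch below is an added example, not the extension's own code: the entry shape, the `%TERM%` placeholder, the `base64` flag and the sample providers are assumptions, since the page does not show the file format. It reads the group value as a bitmask (which reproduces the 0/1/2/3 cases above) and plans the GET or POST request for each enabled provider without sending anything.

```javascript
// Added example. The entry shape, the %TERM% placeholder and the providers
// below are assumptions/constructed; the page does not show the file format.
const PLACEHOLDER = "%TERM%";
const providers = [
  { name: "ExampleIP", link: "https://ip.example/lookup?q=%TERM%",
    enabled: true, fromRemote: true, groups: 1 },
  { name: "ExampleDomain", link: "https://dns.example/whois/%TERM%",
    enabled: true, fromRemote: true, groups: 3 },
  { name: "InternalAPI", link: "http://siem.example/api/search",
    enabled: true, fromRemote: false, groups: 2,
    postValue: "query=%TERM%", base64: true },
  { name: "Retired", link: "https://old.example/?q=%TERM%",
    enabled: false, fromRemote: true, groups: 3 },
];

// Group value from the page: 0 = none, 1 = group 1, 2 = group 2, 3 = both.
// Read as a bitmask, which reproduces exactly those four cases.
function inGroup(provider, groupNumber) {
  return (provider.groups & (1 << (groupNumber - 1))) !== 0;
}

// Trim the selection and optionally base64 encode it (Node's Buffer here;
// inside the browser the equivalent call is btoa()).
function encodeTerm(selection, base64) {
  const term = selection.trim();
  return base64 ? Buffer.from(term, "utf8").toString("base64") : term;
}

// List every request a group lookup would make, without sending anything.
function planRequests(selection, groupNumber, list = providers) {
  return list
    .filter((p) => p.enabled && inGroup(p, groupNumber))
    .map((p) => {
      const term = encodeTerm(selection, Boolean(p.base64));
      const isPost = typeof p.postValue === "string";
      // GET: the term lands in the URL, so '+', '/' and '=' must be escaped.
      const url = p.link.split(PLACEHOLDER).join(encodeURIComponent(term));
      return {
        name: p.name,
        method: isPost ? "POST" : "GET",
        url,
        // POST: the page calls this raw POST data, so it is not re-encoded.
        body: isPost ? p.postValue.split(PLACEHOLDER).join(term) : null,
        cleartext: new URL(url).protocol !== "https:",
        manuallyAdded: !p.fromRemote,
      };
    });
}

console.table(planRequests("evil.example", 2));
```

The `cleartext` and `manuallyAdded` columns are the ones to review: they show where a selected indicator would leave the browser over plain HTTP, and which entries did not come from the remote configuration file.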

If you have suggestions for search providers or improvements, please send an email to [email protected]. This will automatically open a case in our ticketing system.
